mirror of
https://github.com/samba-team/samba.git
synced 2025-01-11 05:18:09 +03:00
d3123858fb
This implements the note from MS-NRPC 3.1.4.1 Session-Key Negotiation:
7. If none of the first 5 bytes of the client challenge is unique, the
server MUST fail session-key negotiation without further processing of
the following steps.
It lets ./zerologon_tester.py from
https://github.com/SecuraBV/CVE-2020-1472.git
report: "Attack failed. Target is probably patched."
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14497
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
84 lines
2.3 KiB
Python
84 lines
2.3 KiB
Python
#!/usr/bin/env python
|
|
|
|
bld.SAMBA_LIBRARY('cliauth',
|
|
source='',
|
|
deps='MSRPC_PARSE LIBCLI_AUTH COMMON_SCHANNEL PAM_ERRORS SPNEGO_PARSE krb5samba samba-errors NTLM_CHECK UTIL_LSARPC',
|
|
private_library=True,
|
|
grouping_library=True)
|
|
|
|
bld.SAMBA_SUBSYSTEM('MSRPC_PARSE',
|
|
source='msrpc_parse.c',
|
|
deps='talloc'
|
|
)
|
|
|
|
bld.SAMBA_SUBSYSTEM('NTLM_CHECK',
|
|
source='ntlm_check.c',
|
|
deps = 'talloc LIBCLI_AUTH'
|
|
)
|
|
|
|
bld.SAMBA_SUBSYSTEM('LIBCLI_AUTH',
|
|
source='credentials.c session.c smbencrypt.c smbdes.c',
|
|
public_deps='MSRPC_PARSE gnutls GNUTLS_HELPERS util_str_escape',
|
|
public_headers='credentials.h:domain_credentials.h'
|
|
)
|
|
|
|
|
|
bld.SAMBA_SUBSYSTEM('COMMON_SCHANNEL',
|
|
source='schannel_state_tdb.c',
|
|
deps='dbwrap util_tdb samba-hostconfig NDR_NETLOGON'
|
|
)
|
|
|
|
bld.SAMBA_SUBSYSTEM('NETLOGON_CREDS_CLI',
|
|
source='netlogon_creds_cli.c',
|
|
deps='dbwrap util_tdb tevent-util samba-hostconfig RPC_NDR_NETLOGON NDR_NETLOGON'
|
|
)
|
|
|
|
bld.SAMBA_SUBSYSTEM('PAM_ERRORS',
|
|
source='pam_errors.c',
|
|
deps='talloc'
|
|
)
|
|
|
|
bld.SAMBA_SUBSYSTEM('SPNEGO_PARSE',
|
|
source='spnego_parse.c',
|
|
deps='asn1util')
|
|
|
|
bld.SAMBA_BINARY(
|
|
'test_ntlm_check',
|
|
source='tests/ntlm_check.c',
|
|
deps='''
|
|
NTLM_CHECK
|
|
CREDENTIALS_NTLM
|
|
samba-credentials
|
|
cmocka
|
|
talloc
|
|
''',
|
|
for_selftest=True
|
|
)
|
|
|
|
bld.SAMBA_BINARY('test_rc4_passwd_buffer',
|
|
source='tests/test_rc4_passwd_buffer.c',
|
|
deps='''
|
|
INIT_SAMR
|
|
LIBCLI_AUTH
|
|
cmocka
|
|
''',
|
|
for_selftest=True)
|
|
|
|
bld.SAMBA_BINARY('test_schannel',
|
|
source='tests/test_schannel.c',
|
|
deps='''
|
|
gensec
|
|
cmocka
|
|
''',
|
|
for_selftest=True)
|
|
|
|
bld.SAMBA_BINARY('test_gnutls',
|
|
source='tests/test_gnutls.c',
|
|
deps='''
|
|
gnutls
|
|
LIBCLI_AUTH
|
|
cmocka
|
|
samba-util
|
|
''',
|
|
for_selftest=True)
|